Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f405a2-4e3e-4621-971d-bf8f3d43884f/1/D0FpMzUMOHlTHgOQquoOm_tX7Ic.roa
File:                     D0FpMzUMOHlTHgOQquoOm_tX7Ic.roa (raw, json)
Hash identifier:          ApHkGTp1xzpuy2KmBO8kGCbsln8xnxRu3GYMVJCivTo=
Subject key identifier:   0F:41:69:33:35:0C:38:79:53:1E:03:90:AA:EA:0E:9B:FB:57:EC:87
Certificate issuer:       /CN=acc19a8c7f17411449c7d48ff9308d24832e952b
Certificate serial:       0E03AC22
Authority key identifier: AC:C1:9A:8C:7F:17:41:14:49:C7:D4:8F:F9:30:8D:24:83:2E:95:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rMGajH8XQRRJx9SP-TCNJIMulSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f405a2-4e3e-4621-971d-bf8f3d43884f/1/D0FpMzUMOHlTHgOQquoOm_tX7Ic.roa
Signing time:             Sat 01 Jan 2022 07:55:44 +0000
ROA not before:           Sat 01 Jan 2022 07:55:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21221
IP address blocks:        2001:67c:7f8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 235121698 (0xe03ac22)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acc19a8c7f17411449c7d48ff9308d24832e952b
        Validity
            Not Before: Jan  1 07:55:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f416933350c3879531e0390aaea0e9bfb57ec87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:53:69:b1:0f:6e:03:03:a1:bc:0c:52:b2:72:
                    d1:b8:0e:6c:8c:92:dd:d2:7b:f0:9e:01:2e:7a:a0:
                    8a:ce:d7:b1:49:62:e6:29:49:da:e6:3b:97:57:81:
                    49:a5:b0:3d:59:1f:41:d3:fc:d4:c8:21:72:b4:2a:
                    10:fd:9a:1b:ff:b1:09:5c:13:7d:43:41:dd:eb:1b:
                    bd:e7:35:6a:da:de:27:6c:1a:1a:fe:1d:ef:95:35:
                    9a:87:dc:36:79:d0:c1:94:20:c4:3c:b4:d0:8e:7b:
                    b3:f4:f5:07:49:f0:4b:e0:01:32:1c:4c:a2:89:3e:
                    7f:2a:4c:96:f4:5d:19:64:2c:ca:82:85:00:0d:ab:
                    7f:68:27:b2:ee:1d:91:f1:21:d1:d1:ef:36:de:e8:
                    79:8a:ac:5c:23:82:c8:c1:2d:e7:48:70:31:df:78:
                    2a:2c:f6:fd:6b:b8:45:11:96:fa:e3:62:f9:98:ea:
                    ff:50:bf:c1:e7:9f:b4:29:5d:67:e3:c0:17:5c:f3:
                    3a:45:f5:b5:13:ee:b8:b6:aa:79:e5:0c:b5:93:45:
                    84:e1:ad:d2:4c:c9:34:f5:a4:a9:a4:fb:93:44:36:
                    29:5f:15:83:8c:72:d7:ce:57:eb:df:70:72:2b:6d:
                    04:c3:f9:a7:5a:b2:6b:d3:c2:e6:ad:a5:70:b5:9e:
                    ef:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:41:69:33:35:0C:38:79:53:1E:03:90:AA:EA:0E:9B:FB:57:EC:87
            X509v3 Authority Key Identifier:
                keyid:AC:C1:9A:8C:7F:17:41:14:49:C7:D4:8F:F9:30:8D:24:83:2E:95:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rMGajH8XQRRJx9SP-TCNJIMulSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f405a2-4e3e-4621-971d-bf8f3d43884f/1/D0FpMzUMOHlTHgOQquoOm_tX7Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f405a2-4e3e-4621-971d-bf8f3d43884f/1/rMGajH8XQRRJx9SP-TCNJIMulSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:7f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:29:53:dc:25:2d:c8:fd:7b:fd:58:6f:de:fa:3d:45:f5:64:
         a7:d8:70:e9:76:00:87:ca:51:f8:9d:7f:1f:c6:10:31:d7:18:
         f0:58:79:ff:01:81:cd:ce:d5:22:fc:30:31:b5:4d:23:08:fb:
         e9:17:63:d5:0e:d5:1f:42:2d:05:19:01:33:47:84:cc:8d:7b:
         2e:07:d2:8a:e7:23:3d:ee:40:09:af:83:3e:74:51:32:cd:0d:
         c2:b0:80:41:dd:fa:1d:cf:31:87:aa:fd:fa:a2:11:ea:af:ef:
         21:c7:0d:d1:85:e0:49:f9:d7:57:3f:02:ba:e1:fa:6e:3f:5a:
         cd:83:89:d5:6a:c6:d5:aa:22:ae:3d:0a:b8:cf:2e:80:72:d5:
         65:fb:42:d9:b8:98:f0:19:6d:62:ec:e6:46:01:a4:20:1c:7d:
         50:b6:5d:d9:d1:8b:40:c0:94:4a:3a:92:02:cc:c1:3a:85:84:
         4f:70:e3:a9:44:7e:21:5e:bf:fe:db:13:43:82:c6:80:93:11:
         4d:b9:18:72:27:20:dd:39:9a:55:94:1c:c6:75:87:aa:54:46:
         84:90:40:82:d6:65:b7:27:d0:f0:f9:3f:cb:a7:91:51:36:af:
         5a:83:7f:bd:ca:33:94:69:fe:4c:d8:5c:04:81:31:ff:4c:5c:
         c1:79:0e:22
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEDgOsIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
Y2MxOWE4YzdmMTc0MTE0NDljN2Q0OGZmOTMwOGQyNDgzMmU5NTJiMB4XDTIyMDEw
MTA3NTU0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGY0MTY5MzMzNTBj
Mzg3OTUzMWUwMzkwYWFlYTBlOWJmYjU3ZWM4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNTabEPbgMDobwMUrJy0bgObIyS3dJ78J4BLnqgis7XsUli
5ilJ2uY7l1eBSaWwPVkfQdP81MghcrQqEP2aG/+xCVwTfUNB3esbvec1atreJ2wa
Gv4d75U1mofcNnnQwZQgxDy00I57s/T1B0nwS+ABMhxMook+fypMlvRdGWQsyoKF
AA2rf2gnsu4dkfEh0dHvNt7oeYqsXCOCyMEt50hwMd94Kiz2/Wu4RRGW+uNi+Zjq
/1C/weeftCldZ+PAF1zzOkX1tRPuuLaqeeUMtZNFhOGt0kzJNPWkqaT7k0Q2KV8V
g4xy185X699wcittBMP5p1qya9PC5q2lcLWe7xkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQPQWkzNQw4eVMeA5Cq6g6b+1fshzAfBgNVHSMEGDAWgBSswZqMfxdBFEnH
1I/5MI0kgy6VKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JNR2FqSDhYUVJSSng5U1AtVENOSklNdWxTcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmQvZjQwNWEyLTRlM2UtNDYyMS05NzFkLWJmOGYzZDQzODg0Zi8x
L0QwRnBNelVNT0hsVEhnT1FxdW9PbV90WDdJYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQv
ZjQwNWEyLTRlM2UtNDYyMS05NzFkLWJmOGYzZDQzODg0Zi8xL3JNR2FqSDhYUVJS
Sng5U1AtVENOSklNdWxTcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwH+DANBgkqhkiG9w0BAQsF
AAOCAQEABilT3CUtyP17/Vhv3vo9RfVkp9hw6XYAh8pR+J1/H8YQMdcY8Fh5/wGB
zc7VIvwwMbVNIwj76Rdj1Q7VH0ItBRkBM0eEzI17LgfSiucjPe5ACa+DPnRRMs0N
wrCAQd36Hc8xh6r9+qIR6q/vIccN0YXgSfnXVz8CuuH6bj9azYOJ1WrG1aoirj0K
uM8ugHLVZftC2biY8BltYuzmRgGkIBx9ULZd2dGLQMCUSjqSAszBOoWET3DjqUR+
IV6//tsTQ4LGgJMRTbkYcicg3TmaVZQcxnWHqlRGhJBAgtZltyfQ8Pk/y6eRUTav
WoN/vcozlGn+TNhcBIEx/0xcwXkOIg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:00 2024 by rpki-client on console-fra.rpki-client.org